From c1d53e9dd972ffd2e49b3ed63290c409569da05e Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Mar 2017 10:26:13 +0200
Subject: [PATCH 1/6] ancestorOrigins: add tests and update Location IDL

See https://github.com/whatwg/html/issues/1918 for the HTML Standard
discussion and https://github.com/whatwg/html/pull/2480 for the HTML
Standard change.
---
 ...ocation-ancestororigins-involved.window.js | 167 ++++++++++++++++++
 .../location-ancestororigins.window.js        |  43 +++++
 .../resources/ancestororigins-embed.py        |  22 +++
 3 files changed, 232 insertions(+)
 create mode 100644 html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
 create mode 100644 html/browsers/history/the-location-interface/location-ancestororigins.window.js
 create mode 100644 html/browsers/history/the-location-interface/resources/ancestororigins-embed.py

diff --git a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
new file mode 100644
index 00000000000000..1acddc835dbdcb
--- /dev/null
+++ b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
@@ -0,0 +1,167 @@
+// META: script=/common/get-host-info.sub.js
+
+const embedPath = new URL("resources/ancestororigins-embed.py", location.href).pathname,
+      info = get_host_info(),
+      localOrigin = info.HTTP_ORIGIN,
+      localEmbed = localOrigin + embedPath,
+      remoteOrigin = info.HTTP_REMOTE_ORIGIN,
+      remoteEmbed = remoteOrigin + embedPath,
+      remoteOrigin2 = info.HTTP_REMOTE_ORIGIN_WITH_DIFFERENT_PORT
+      remoteEmbed2 = remoteOrigin2 + embedPath
+let id = 0
+
+async_test(t => {
+  const iframe = document.createElement("iframe"),
+        localId = ++id
+  iframe.sandbox = "allow-scripts"
+  iframe.src = localEmbed + "?iframe=|" + remoteEmbed + "?id=" + localId
+  document.body.appendChild(iframe)
+  t.add_cleanup(() => iframe.remove())
+
+
+  self.addEventListener("message", t.step_func(e => {
+    if(e.data.id === localId) {
+      assert_array_equals(e.data.output, ["null", localOrigin])
+      t.done()
+    }
+  }))
+}, "Ensure sandboxed iframes show up as null")
+
+// The following code ends up generating multiple tests each with multiple nested <iframe>s. The
+// variables in the array below seed various scenarios, described by "desc". The capital letters
+// describe the <iframe>s in play. When the same letter is used at different nesting levels that
+// means it is same-origin. Some defaulting is used to avoid too much duplication.
+;[
+  {
+    outerPolicy: true,
+    desc: "A uses no-referrer -> B -> A",
+    results: [remoteOrigin, "null"]
+  },
+  {
+    outerPolicy: true,
+    innerEmbed: remoteEmbed2,
+    desc: "A uses no-referrer -> B -> C",
+    results: [remoteOrigin, "null"]
+  },
+  {
+    innerPolicy: true,
+    desc: "A -> B uses no-referrer -> A",
+    results: ["null", localOrigin]
+  },
+  {
+    innerPolicy: true,
+    innerEmbed: remoteEmbed2,
+    desc: "A -> B uses no-referrer -> C",
+    results: ["null", localOrigin]
+  },
+  {
+    innerPolicy: true,
+    outerEmbed: localEmbed,
+    innerEmbed: remoteEmbed,
+    desc: "A -> A uses no-referrer -> C",
+    results: ["null", "null"],
+    intermediateResults: [localOrigin]
+  },
+  {
+    innerPolicy: true,
+    outerEmbed: localEmbed,
+    desc: "A -> A uses no-referrer -> A",
+    results: ["null", "null"],
+    intermediateResults: [localOrigin]
+  }
+].forEach(val => {
+  async_test(t => {
+    if(!val.intermediateResults) {
+      val.intermediateResults = [val.results[1]]
+    }
+    if(!val.outerEmbed) {
+      val.outerEmbed = remoteEmbed
+    }
+    if(!val.innerEmbed) {
+      val.innerEmbed = localEmbed
+    }
+
+    const iframe = document.createElement("iframe"),
+          innerId = ++id,
+          innermostId = ++id
+    if(val.outerPolicy) {
+      iframe.referrerPolicy = "no-referrer"
+    }
+    let innerPolicy = ""
+    if(val.innerPolicy) {
+      innerPolicy = "no-referrer"
+    }
+    iframe.src = val.outerEmbed + "?id=" + innerId + "&iframe=" + innerPolicy + "|" + val.innerEmbed + "?id=" + innermostId
+    document.body.appendChild(iframe)
+    t.add_cleanup(() => iframe.remove())
+
+    let almostDone = false
+    function localDone () {
+      if(almostDone) {
+        t.done()
+      }
+      almostDone = true
+    }
+
+    self.addEventListener("message", t.step_func(e => {
+      if(e.data.id === innerId) {
+        assert_array_equals(e.data.output, val.intermediateResults)
+        localDone()
+      }
+      else if(e.data.id === innermostId) {
+        assert_array_equals(e.data.output, val.results)
+        localDone()
+      }
+    }))
+  }, val.desc)
+})
+
+;[
+  {
+    desc: "A -> B -> B uses no-referrer -> A",
+    innerinnerEmbed: localEmbed
+  },
+  {
+    desc: "A -> B -> B uses no-referrer -> B",
+    innerinnerEmbed: remoteEmbed
+  },
+  {
+    desc: "A -> B -> B uses no-referrer -> C",
+    innerinnerEmbed: remoteEmbed2
+  }
+].forEach(val => {
+  async_test(t => {
+    const iframe = document.createElement("iframe"),
+          localId = ++id
+    iframe.src = remoteEmbed + "?iframe=|" + remoteEmbed + "?iframe=no-referrer%257C" + val.innerinnerEmbed + "?id=" + localId
+    document.body.appendChild(iframe)
+    t.add_cleanup(() => iframe.remove())
+
+    self.addEventListener("message", t.step_func(e => {
+      if(e.data.id === localId) {
+        assert_array_equals(e.data.output, ["null", "null", localOrigin])
+        t.done()
+      }
+    }))
+  }, val.desc)
+})
+
+async_test(t => {
+  const iframe = document.createElement("iframe"),
+        localId = ++id
+  document.body.appendChild(iframe)
+  t.add_cleanup(() => iframe.remove())
+
+  const a = document.createElement("a")
+  a.rel = "noreferrer"
+  a.href = localEmbed + "?id=" + localId
+  iframe.contentDocument.body.appendChild(a)
+  a.click()
+
+  self.addEventListener("message", t.step_func(e => {
+    if(e.data.id === localId) {
+      assert_array_equals(e.data.output, ["null"])
+      t.done()
+    }
+  }))
+}, "rel=noreferrer should redact")
diff --git a/html/browsers/history/the-location-interface/location-ancestororigins.window.js b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
new file mode 100644
index 00000000000000..70b11620bf3775
--- /dev/null
+++ b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
@@ -0,0 +1,43 @@
+test(() => {
+  assert_equals(location.ancestorOrigins.length, 0)
+}, "location.ancestorOrigins basic check")
+
+async_test(t => {
+  const frame = document.createElement("iframe"),
+        rp = document.createElement("meta")
+  frame.onload = t.step_func_done(() => {
+    const ancestorOrigins = frame.contentWindow.location.ancestorOrigins
+    assert_equals(ancestorOrigins[0], self.origin)
+    assert_equals(ancestorOrigins.length, 1)
+
+    rp.name = "referrer"
+    rp.content = "no-referrer"
+    document.head.appendChild(rp)
+    assert_equals(self[0].location.ancestorOrigins, ancestorOrigins)
+    assert_equals(ancestorOrigins[0], self.origin)
+    assert_equals(ancestorOrigins.length, 1)
+    rp.remove()
+
+    frame.referrerPolicy = "no-referrer"
+    assert_equals(self[0].location.ancestorOrigins, ancestorOrigins)
+    assert_equals(ancestorOrigins[0], self.origin)
+    assert_equals(ancestorOrigins.length, 1)
+
+    frame.remove()
+  })
+  frame.src = "/common/blank.html"
+  document.body.appendChild(frame)
+}, "location.ancestorOrigins cannot be masked by a dynamic referrer policy")
+
+async_test(t => {
+  const frame = document.createElement("iframe")
+  frame.onload = t.step_func_done(() => {
+    const ancestorOrigins = frame.contentWindow.location.ancestorOrigins
+    assert_equals(ancestorOrigins[0], "null")
+    assert_equals(ancestorOrigins.length, 1)
+    frame.remove()
+  })
+  frame.src = "/common/blank.html"
+  frame.referrerPolicy = "no-referrer"
+  document.body.appendChild(frame)
+}, "location.ancestorOrigins can be masked by a predetermined referrer policy")
diff --git a/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
new file mode 100644
index 00000000000000..fceb637d22add1
--- /dev/null
+++ b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
@@ -0,0 +1,22 @@
+def main(request, response):
+    body = ""
+
+    if "iframe" in request.GET:
+        frame = request.GET.first("iframe").split("|")
+        frameReferrer = frame[0]
+        frameURL = frame[1]
+        if frameReferrer != "":
+            frameReferrer = " referrerpolicy=" + frameReferrer
+
+        body = ("<iframe src=\"%s\"%s></iframe>" % (frameURL, frameReferrer)) + "\n"
+
+    if "id" in request.GET:
+        body = body + """<script>
+let output = [...self.location.ancestorOrigins]
+top.postMessage({ id: %s, output }, "*")
+</script>
+""" % request.GET.first("id")
+
+    if body == "":
+        return "Please specify either or both the 'iframe' and 'id' GET parameters."
+    return body

From 0c9d1eb88ba7b123de482d677933691b68055e2b Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 16 May 2017 19:10:16 +0200
Subject: [PATCH 2/6] Add IDNA test for
 https://github.com/whatwg/html/issues/2568

---
 .../location-ancestororigins.window.js        | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/html/browsers/history/the-location-interface/location-ancestororigins.window.js b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
index 70b11620bf3775..be542e281be90f 100644
--- a/html/browsers/history/the-location-interface/location-ancestororigins.window.js
+++ b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
@@ -41,3 +41,32 @@ async_test(t => {
   frame.referrerPolicy = "no-referrer"
   document.body.appendChild(frame)
 }, "location.ancestorOrigins can be masked by a predetermined referrer policy")
+
+async_test(t => {
+  const frame = document.createElement("iframe")
+  t.add_cleanup(() => {
+    frame.remove()
+  })
+  frame.src = new URL("resources/ancestororigins-embed.py?id=123&iframe=|./ancestororigins-embed.py%3Fid=1234", location.href.replace("://", "://天気の良い日.")).href
+  document.body.appendChild(frame)
+
+  let almostDone = false
+  function localDone() {
+    if(almostDone) {
+      t.done()
+    }
+    almostDone = true
+  }
+
+  self.onmessage = t.step_func(e => {
+    if(e.data.id === 123) {
+      assert_array_equals(e.data.output, [location.origin])
+      localDone()
+    } else if(e.data.id === 1234) {
+      assert_array_equals(e.data.output, [location.origin.replace("://", "://xn--n8j6ds53lwwkrqhv28a."), location.origin])
+      localDone()
+    } else {
+      assert_unreached()
+    }
+  })
+}, "location.ancestorOrigins and IDNA")

From 9c803adc7771a86593aea40f1856ba0437a16bc5 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 5 Feb 2018 16:48:20 +0100
Subject: [PATCH 3/6] semicolons for everyone

---
 ...ocation-ancestororigins-involved.window.js | 111 +++++++++---------
 .../location-ancestororigins.window.js        |  88 +++++++-------
 .../resources/ancestororigins-embed.py        |   4 +-
 3 files changed, 100 insertions(+), 103 deletions(-)

diff --git a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
index 1acddc835dbdcb..056f36bd50ced4 100644
--- a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
+++ b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
@@ -6,32 +6,31 @@ const embedPath = new URL("resources/ancestororigins-embed.py", location.href).p
       localEmbed = localOrigin + embedPath,
       remoteOrigin = info.HTTP_REMOTE_ORIGIN,
       remoteEmbed = remoteOrigin + embedPath,
-      remoteOrigin2 = info.HTTP_REMOTE_ORIGIN_WITH_DIFFERENT_PORT
-      remoteEmbed2 = remoteOrigin2 + embedPath
-let id = 0
+      remoteOrigin2 = info.HTTP_REMOTE_ORIGIN_WITH_DIFFERENT_PORT,
+      remoteEmbed2 = remoteOrigin2 + embedPath;
+let id = 0;
 
 async_test(t => {
   const iframe = document.createElement("iframe"),
-        localId = ++id
-  iframe.sandbox = "allow-scripts"
-  iframe.src = localEmbed + "?iframe=|" + remoteEmbed + "?id=" + localId
-  document.body.appendChild(iframe)
-  t.add_cleanup(() => iframe.remove())
-
+        localId = ++id;
+  iframe.sandbox = "allow-scripts";
+  iframe.src = localEmbed + "?iframe=|" + remoteEmbed + "?id=" + localId;
+  document.body.appendChild(iframe);
+  t.add_cleanup(() => iframe.remove());
 
   self.addEventListener("message", t.step_func(e => {
     if(e.data.id === localId) {
-      assert_array_equals(e.data.output, ["null", localOrigin])
-      t.done()
+      assert_array_equals(e.data.output, ["null", localOrigin]);
+      t.done();
     }
-  }))
-}, "Ensure sandboxed iframes show up as null")
+  }));
+}, "Ensure sandboxed iframes show up as null");
 
 // The following code ends up generating multiple tests each with multiple nested <iframe>s. The
 // variables in the array below seed various scenarios, described by "desc". The capital letters
 // describe the <iframe>s in play. When the same letter is used at different nesting levels that
 // means it is same-origin. Some defaulting is used to avoid too much duplication.
-;[
+[
   {
     outerPolicy: true,
     desc: "A uses no-referrer -> B -> A",
@@ -72,51 +71,51 @@ async_test(t => {
 ].forEach(val => {
   async_test(t => {
     if(!val.intermediateResults) {
-      val.intermediateResults = [val.results[1]]
+      val.intermediateResults = [val.results[1]];
     }
     if(!val.outerEmbed) {
-      val.outerEmbed = remoteEmbed
+      val.outerEmbed = remoteEmbed;
     }
     if(!val.innerEmbed) {
-      val.innerEmbed = localEmbed
+      val.innerEmbed = localEmbed;
     }
 
     const iframe = document.createElement("iframe"),
           innerId = ++id,
-          innermostId = ++id
+          innermostId = ++id;
     if(val.outerPolicy) {
-      iframe.referrerPolicy = "no-referrer"
+      iframe.referrerPolicy = "no-referrer";
     }
-    let innerPolicy = ""
+    let innerPolicy = "";
     if(val.innerPolicy) {
-      innerPolicy = "no-referrer"
+      innerPolicy = "no-referrer";
     }
-    iframe.src = val.outerEmbed + "?id=" + innerId + "&iframe=" + innerPolicy + "|" + val.innerEmbed + "?id=" + innermostId
-    document.body.appendChild(iframe)
-    t.add_cleanup(() => iframe.remove())
+    iframe.src = val.outerEmbed + "?id=" + innerId + "&iframe=" + innerPolicy + "|" + val.innerEmbed + "?id=" + innermostId;
+    document.body.appendChild(iframe);
+    t.add_cleanup(() => iframe.remove());
 
-    let almostDone = false
+    let almostDone = false;
     function localDone () {
       if(almostDone) {
-        t.done()
+        t.done();
       }
-      almostDone = true
+      almostDone = true;
     }
 
     self.addEventListener("message", t.step_func(e => {
       if(e.data.id === innerId) {
-        assert_array_equals(e.data.output, val.intermediateResults)
-        localDone()
+        assert_array_equals(e.data.output, val.intermediateResults);
+        localDone();
       }
       else if(e.data.id === innermostId) {
-        assert_array_equals(e.data.output, val.results)
-        localDone()
+        assert_array_equals(e.data.output, val.results);
+        localDone();
       }
-    }))
-  }, val.desc)
-})
+    }));
+  }, val.desc);
+});
 
-;[
+[
   {
     desc: "A -> B -> B uses no-referrer -> A",
     innerinnerEmbed: localEmbed
@@ -132,36 +131,36 @@ async_test(t => {
 ].forEach(val => {
   async_test(t => {
     const iframe = document.createElement("iframe"),
-          localId = ++id
-    iframe.src = remoteEmbed + "?iframe=|" + remoteEmbed + "?iframe=no-referrer%257C" + val.innerinnerEmbed + "?id=" + localId
-    document.body.appendChild(iframe)
-    t.add_cleanup(() => iframe.remove())
+          localId = ++id;
+    iframe.src = remoteEmbed + "?iframe=|" + remoteEmbed + "?iframe=no-referrer%257C" + val.innerinnerEmbed + "?id=" + localId;
+    document.body.appendChild(iframe);
+    t.add_cleanup(() => iframe.remove());
 
     self.addEventListener("message", t.step_func(e => {
       if(e.data.id === localId) {
-        assert_array_equals(e.data.output, ["null", "null", localOrigin])
-        t.done()
+        assert_array_equals(e.data.output, ["null", "null", localOrigin]);
+        t.done();
       }
-    }))
-  }, val.desc)
-})
+    }));
+  }, val.desc);
+});
 
 async_test(t => {
   const iframe = document.createElement("iframe"),
-        localId = ++id
-  document.body.appendChild(iframe)
-  t.add_cleanup(() => iframe.remove())
+        localId = ++id;
+  document.body.appendChild(iframe);
+  t.add_cleanup(() => iframe.remove());
 
-  const a = document.createElement("a")
-  a.rel = "noreferrer"
-  a.href = localEmbed + "?id=" + localId
-  iframe.contentDocument.body.appendChild(a)
-  a.click()
+  const a = document.createElement("a");
+  a.rel = "noreferrer";
+  a.href = localEmbed + "?id=" + localId;
+  iframe.contentDocument.body.appendChild(a);
+  a.click();
 
   self.addEventListener("message", t.step_func(e => {
     if(e.data.id === localId) {
-      assert_array_equals(e.data.output, ["null"])
-      t.done()
+      assert_array_equals(e.data.output, ["null"]);
+      t.done();
     }
-  }))
-}, "rel=noreferrer should redact")
+  }));
+}, "rel=noreferrer should redact");
diff --git a/html/browsers/history/the-location-interface/location-ancestororigins.window.js b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
index be542e281be90f..cf4ce6912bc32d 100644
--- a/html/browsers/history/the-location-interface/location-ancestororigins.window.js
+++ b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
@@ -1,72 +1,70 @@
 test(() => {
   assert_equals(location.ancestorOrigins.length, 0)
-}, "location.ancestorOrigins basic check")
+}, "location.ancestorOrigins basic check");
 
 async_test(t => {
   const frame = document.createElement("iframe"),
-        rp = document.createElement("meta")
+        rp = document.createElement("meta");
   frame.onload = t.step_func_done(() => {
-    const ancestorOrigins = frame.contentWindow.location.ancestorOrigins
-    assert_equals(ancestorOrigins[0], self.origin)
-    assert_equals(ancestorOrigins.length, 1)
+    const ancestorOrigins = frame.contentWindow.location.ancestorOrigins;
+    assert_equals(ancestorOrigins[0], self.origin);
+    assert_equals(ancestorOrigins.length, 1);
 
-    rp.name = "referrer"
-    rp.content = "no-referrer"
-    document.head.appendChild(rp)
-    assert_equals(self[0].location.ancestorOrigins, ancestorOrigins)
-    assert_equals(ancestorOrigins[0], self.origin)
-    assert_equals(ancestorOrigins.length, 1)
-    rp.remove()
+    rp.name = "referrer";
+    rp.content = "no-referrer";
+    document.head.appendChild(rp);
+    assert_equals(self[0].location.ancestorOrigins, ancestorOrigins);
+    assert_equals(ancestorOrigins[0], self.origin);
+    assert_equals(ancestorOrigins.length, 1);
+    rp.remove();
 
-    frame.referrerPolicy = "no-referrer"
-    assert_equals(self[0].location.ancestorOrigins, ancestorOrigins)
-    assert_equals(ancestorOrigins[0], self.origin)
-    assert_equals(ancestorOrigins.length, 1)
+    frame.referrerPolicy = "no-referrer";
+    assert_equals(self[0].location.ancestorOrigins, ancestorOrigins);
+    assert_equals(ancestorOrigins[0], self.origin);
+    assert_equals(ancestorOrigins.length, 1);
 
-    frame.remove()
+    frame.remove();
   })
-  frame.src = "/common/blank.html"
-  document.body.appendChild(frame)
-}, "location.ancestorOrigins cannot be masked by a dynamic referrer policy")
+  frame.src = "/common/blank.html";
+  document.body.appendChild(frame);
+}, "location.ancestorOrigins cannot be masked by a dynamic referrer policy");
 
 async_test(t => {
-  const frame = document.createElement("iframe")
+  const frame = document.createElement("iframe");
   frame.onload = t.step_func_done(() => {
-    const ancestorOrigins = frame.contentWindow.location.ancestorOrigins
-    assert_equals(ancestorOrigins[0], "null")
-    assert_equals(ancestorOrigins.length, 1)
-    frame.remove()
+    const ancestorOrigins = frame.contentWindow.location.ancestorOrigins;
+    assert_equals(ancestorOrigins[0], "null");
+    assert_equals(ancestorOrigins.length, 1);
+    frame.remove();
   })
-  frame.src = "/common/blank.html"
-  frame.referrerPolicy = "no-referrer"
-  document.body.appendChild(frame)
-}, "location.ancestorOrigins can be masked by a predetermined referrer policy")
+  frame.src = "/common/blank.html";
+  frame.referrerPolicy = "no-referrer";
+  document.body.appendChild(frame);
+}, "location.ancestorOrigins can be masked by a predetermined referrer policy");
 
 async_test(t => {
-  const frame = document.createElement("iframe")
-  t.add_cleanup(() => {
-    frame.remove()
-  })
-  frame.src = new URL("resources/ancestororigins-embed.py?id=123&iframe=|./ancestororigins-embed.py%3Fid=1234", location.href.replace("://", "://天気の良い日.")).href
-  document.body.appendChild(frame)
+  const frame = document.createElement("iframe");
+  t.add_cleanup(() => frame.remove());
+  frame.src = new URL("resources/ancestororigins-embed.py?id=123&iframe=|./ancestororigins-embed.py%3Fid=1234", location.href.replace("://", "://天気の良い日.")).href;
+  document.body.appendChild(frame);
 
-  let almostDone = false
+  let almostDone = false;
   function localDone() {
     if(almostDone) {
-      t.done()
+      t.done();
     }
-    almostDone = true
+    almostDone = true;
   }
 
   self.onmessage = t.step_func(e => {
     if(e.data.id === 123) {
-      assert_array_equals(e.data.output, [location.origin])
-      localDone()
+      assert_array_equals(e.data.output, [location.origin]);
+      localDone();
     } else if(e.data.id === 1234) {
-      assert_array_equals(e.data.output, [location.origin.replace("://", "://xn--n8j6ds53lwwkrqhv28a."), location.origin])
-      localDone()
+      assert_array_equals(e.data.output, [location.origin.replace("://", "://xn--n8j6ds53lwwkrqhv28a."), location.origin]);
+      localDone();
     } else {
-      assert_unreached()
+      assert_unreached();
     }
-  })
-}, "location.ancestorOrigins and IDNA")
+  });
+}, "location.ancestorOrigins and IDNA");
diff --git a/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
index fceb637d22add1..4c9fb570d17bb9 100644
--- a/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
+++ b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
@@ -12,8 +12,8 @@ def main(request, response):
 
     if "id" in request.GET:
         body = body + """<script>
-let output = [...self.location.ancestorOrigins]
-top.postMessage({ id: %s, output }, "*")
+let output = [...self.location.ancestorOrigins];
+top.postMessage({ id: %s, output }, "*");
 </script>
 """ % request.GET.first("id")
 

From 2ad406ccfe5c6b09464dbc90f0bb0dbd8b9accb4 Mon Sep 17 00:00:00 2001
From: Simon Pieters <zcorpan@gmail.com>
Date: Fri, 7 Nov 2025 09:57:14 +0100
Subject: [PATCH 4/6] Fix ancestororigins-embed.py to use byte strings; check
 for ancestorOrigins support

---
 .../location-ancestororigins-involved.window.js      | 10 +++++++++-
 .../location-ancestororigins.window.js               |  8 ++++++++
 .../resources/ancestororigins-embed.py               | 12 ++++++------
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
index 056f36bd50ced4..ae1d719cbd7352 100644
--- a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
+++ b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
@@ -1,5 +1,9 @@
 // META: script=/common/get-host-info.sub.js
 
+function checkSupported() {
+  assert_implements('ancestorOrigins' in location, 'location.ancestorOrigins should be supported');
+}
+
 const embedPath = new URL("resources/ancestororigins-embed.py", location.href).pathname,
       info = get_host_info(),
       localOrigin = info.HTTP_ORIGIN,
@@ -11,10 +15,11 @@ const embedPath = new URL("resources/ancestororigins-embed.py", location.href).p
 let id = 0;
 
 async_test(t => {
+  checkSupported();
   const iframe = document.createElement("iframe"),
         localId = ++id;
   iframe.sandbox = "allow-scripts";
-  iframe.src = localEmbed + "?iframe=|" + remoteEmbed + "?id=" + localId;
+  iframe.src = localEmbed + "?iframe=|" + encodeURIComponent(remoteEmbed) + "?id=" + localId;
   document.body.appendChild(iframe);
   t.add_cleanup(() => iframe.remove());
 
@@ -70,6 +75,7 @@ async_test(t => {
   }
 ].forEach(val => {
   async_test(t => {
+    checkSupported();
     if(!val.intermediateResults) {
       val.intermediateResults = [val.results[1]];
     }
@@ -130,6 +136,7 @@ async_test(t => {
   }
 ].forEach(val => {
   async_test(t => {
+    checkSupported();
     const iframe = document.createElement("iframe"),
           localId = ++id;
     iframe.src = remoteEmbed + "?iframe=|" + remoteEmbed + "?iframe=no-referrer%257C" + val.innerinnerEmbed + "?id=" + localId;
@@ -146,6 +153,7 @@ async_test(t => {
 });
 
 async_test(t => {
+  checkSupported();
   const iframe = document.createElement("iframe"),
         localId = ++id;
   document.body.appendChild(iframe);
diff --git a/html/browsers/history/the-location-interface/location-ancestororigins.window.js b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
index cf4ce6912bc32d..5742c6a4c25354 100644
--- a/html/browsers/history/the-location-interface/location-ancestororigins.window.js
+++ b/html/browsers/history/the-location-interface/location-ancestororigins.window.js
@@ -1,8 +1,14 @@
+function checkSupported() {
+  assert_implements('ancestorOrigins' in location, 'location.ancestorOrigins should be supported');
+}
+
 test(() => {
+  checkSupported();
   assert_equals(location.ancestorOrigins.length, 0)
 }, "location.ancestorOrigins basic check");
 
 async_test(t => {
+  checkSupported();
   const frame = document.createElement("iframe"),
         rp = document.createElement("meta");
   frame.onload = t.step_func_done(() => {
@@ -30,6 +36,7 @@ async_test(t => {
 }, "location.ancestorOrigins cannot be masked by a dynamic referrer policy");
 
 async_test(t => {
+  checkSupported();
   const frame = document.createElement("iframe");
   frame.onload = t.step_func_done(() => {
     const ancestorOrigins = frame.contentWindow.location.ancestorOrigins;
@@ -43,6 +50,7 @@ async_test(t => {
 }, "location.ancestorOrigins can be masked by a predetermined referrer policy");
 
 async_test(t => {
+  checkSupported();
   const frame = document.createElement("iframe");
   t.add_cleanup(() => frame.remove());
   frame.src = new URL("resources/ancestororigins-embed.py?id=123&iframe=|./ancestororigins-embed.py%3Fid=1234", location.href.replace("://", "://天気の良い日.")).href;
diff --git a/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
index 4c9fb570d17bb9..f6ddbfe67fd208 100644
--- a/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
+++ b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
@@ -1,21 +1,21 @@
 def main(request, response):
     body = ""
 
-    if "iframe" in request.GET:
-        frame = request.GET.first("iframe").split("|")
-        frameReferrer = frame[0]
-        frameURL = frame[1]
+    if b"iframe" in request.GET:
+        frame = request.GET.first(b"iframe").split(b"|")
+        frameReferrer = frame[0].decode("utf-8")
+        frameURL = frame[1].decode("utf-8")
         if frameReferrer != "":
             frameReferrer = " referrerpolicy=" + frameReferrer
 
         body = ("<iframe src=\"%s\"%s></iframe>" % (frameURL, frameReferrer)) + "\n"
 
-    if "id" in request.GET:
+    if b"id" in request.GET:
         body = body + """<script>
 let output = [...self.location.ancestorOrigins];
 top.postMessage({ id: %s, output }, "*");
 </script>
-""" % request.GET.first("id")
+""" % request.GET.first(b"id").decode("utf-8")
 
     if body == "":
         return "Please specify either or both the 'iframe' and 'id' GET parameters."

From cd3a5366c1d55609a680f994c4e6508f0212bf18 Mon Sep 17 00:00:00 2001
From: Simon Pieters <zcorpan@gmail.com>
Date: Fri, 7 Nov 2025 10:38:38 +0100
Subject: [PATCH 5/6] Reduce console log warnings; wait for about:blank to load
 before mutating and navigating

---
 ...ocation-ancestororigins-involved.window.js | 25 +++++++++++--------
 .../resources/ancestororigins-embed.py        |  9 ++++---
 2 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
index ae1d719cbd7352..86e88e5bb27b9e 100644
--- a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
+++ b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
@@ -159,16 +159,19 @@ async_test(t => {
   document.body.appendChild(iframe);
   t.add_cleanup(() => iframe.remove());
 
-  const a = document.createElement("a");
-  a.rel = "noreferrer";
-  a.href = localEmbed + "?id=" + localId;
-  iframe.contentDocument.body.appendChild(a);
-  a.click();
+  iframe.addEventListener('load', () => {
+    const a = document.createElement("a");
+    a.rel = "noreferrer";
+    a.href = localEmbed + "?id=" + localId;
+    a.textContent = 'click here';
+    iframe.contentDocument.body.appendChild(a);
 
-  self.addEventListener("message", t.step_func(e => {
-    if(e.data.id === localId) {
-      assert_array_equals(e.data.output, ["null"]);
-      t.done();
-    }
-  }));
+    self.addEventListener("message", t.step_func(e => {
+      if(e.data.id === localId) {
+        assert_array_equals(e.data.output, ["null"]);
+        t.done();
+      }
+    }));
+    a.click();
+  }, {once: true});
 }, "rel=noreferrer should redact");
diff --git a/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
index f6ddbfe67fd208..e16e5cbd61aa04 100644
--- a/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
+++ b/html/browsers/history/the-location-interface/resources/ancestororigins-embed.py
@@ -1,5 +1,6 @@
 def main(request, response):
-    body = ""
+    headers = [("Content-Type", "text/html; charset=utf-8")]
+    body = "<!doctype html>"
 
     if b"iframe" in request.GET:
         frame = request.GET.first(b"iframe").split(b"|")
@@ -8,7 +9,7 @@ def main(request, response):
         if frameReferrer != "":
             frameReferrer = " referrerpolicy=" + frameReferrer
 
-        body = ("<iframe src=\"%s\"%s></iframe>" % (frameURL, frameReferrer)) + "\n"
+        body = body + ("<iframe src=\"%s\"%s></iframe>" % (frameURL, frameReferrer)) + "\n"
 
     if b"id" in request.GET:
         body = body + """<script>
@@ -17,6 +18,6 @@ def main(request, response):
 </script>
 """ % request.GET.first(b"id").decode("utf-8")
 
-    if body == "":
+    if body == "<!doctype html>":
         return "Please specify either or both the 'iframe' and 'id' GET parameters."
-    return body
+    return (headers, body)

From ab36f9b8751dd6a8f3f0017ab69aebf10c833f00 Mon Sep 17 00:00:00 2001
From: Simon Pieters <zcorpan@gmail.com>
Date: Fri, 7 Nov 2025 11:01:19 +0100
Subject: [PATCH 6/6] Fix expectations for rel=noreferrer test

---
 .../location-ancestororigins-involved.window.js            | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
index 86e88e5bb27b9e..1a100edac3f968 100644
--- a/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
+++ b/html/browsers/history/the-location-interface/location-ancestororigins-involved.window.js
@@ -152,10 +152,13 @@ async_test(t => {
   }, val.desc);
 });
 
+// rel=noreferrer sets https://html.spec.whatwg.org/#document-state-request-referrer-policy
+// but does not affect https://html.spec.whatwg.org/#policy-container-referrer-policy
 async_test(t => {
   checkSupported();
   const iframe = document.createElement("iframe"),
         localId = ++id;
+  iframe.src = '/common/blank.html';
   document.body.appendChild(iframe);
   t.add_cleanup(() => iframe.remove());
 
@@ -168,10 +171,10 @@ async_test(t => {
 
     self.addEventListener("message", t.step_func(e => {
       if(e.data.id === localId) {
-        assert_array_equals(e.data.output, ["null"]);
+        assert_array_equals(e.data.output, [localOrigin]);
         t.done();
       }
     }));
     a.click();
   }, {once: true});
-}, "rel=noreferrer should redact");
+}, "rel=noreferrer should not affect ancestorOrigins");